Tag
#red_hat
A flaw was found in Ansible Engine, all versions 2.7.x, 2.8.x and 2.9.x prior to 2.7.17, 2.8.9 and 2.9.6 respectively, when using ansible_facts as a subkey of itself and promoting it to a variable when inject is enabled, overwriting the ansible_facts after the clean. An attacker could take advantage of this by altering the ansible_facts, such as ansible_hosts, users and any other key data which would lead into privilege escalation or code injection.
Zoho ManageEngine Asset Explorer 6.5 does not validate the System Center Configuration Manager (SCCM) database username when dynamically generating a command to schedule scans for SCCM. This allows an attacker to execute arbitrary commands on the AssetExplorer Server with NT AUTHORITY/SYSTEM privileges.
Comba AC2400 devices are prone to password disclosure via a simple crafted /09/business/upgrade/upcfgAction.php?download=true request to the web management server. The request doesn't require any authentication and will lead to saving the DBconfig.cfg file. At the end of the file, the login information is stored in cleartext.
D-Link DSL-2875AL and DSL-2877AL devices through 1.00.05 are prone to information disclosure via a simple crafted request to index.asp on the web management server because of username_v and password_v variables.
Unraid 6.8.0 allows authentication bypass.
A flaw was found in Ansible 2.7.16 and prior, 2.8.8 and prior, and 2.9.5 and prior when a password is set with the argument "password" of svn module, it is used on svn command line, disclosing to other users within the same node. An attacker could take advantage by reading the cmdline file from that particular PID on the procfs.
A race condition flaw was found in Ansible Engine 2.7.17 and prior, 2.8.9 and prior, 2.9.6 and prior when running a playbook with an unprivileged become user. When Ansible needs to run a module with become user, the temporary directory is created in /var/tmp. This directory is created with "umask 77 && mkdir -p <dir>"; this operation does not fail if the directory already exists and is owned by another user. An attacker could take advantage to gain control of the become user as the target directory can be retrieved by iterating '/proc/<pid>/cmdline'.
Updated packages that resolve various issues are now available for Red Hat OpenStack Platform 13.0 (Queens) for RHEL 7.Red Hat OpenStack Platform provides the facilities for building, deploying and monitoring a private or public infrastructure-as-a-service (IaaS) cloud running on commonly available physical hardware. Changes to the openstack-octavia-ui component: * This enhancement adds new features and usability enhancements to the Octavia Horizon dashboard. (BZ#1698467) Related CVEs: * CVE-2019-14818: dpdk: possible memory leak leads to denial of service
Moodle before version 3.7.2 is vulnerable to information exposure of service tokens for users enrolled in the same course.
Red Hat OpenShift Container Platform release 4.3.1 is now available with updates to packages and images that fix several bugs.Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.3.1. See the following advisory for the container images for this release: https://access.redhat.com/errata/RHBA-2020:0391 All OpenShift Container Platform 4.3 users are advised to upgrade to these updated packages and images. Related CVEs: * CVE-2019-17596: golang: invalid public key causes panic in dsa.Verify * CVE-2020-7039: QEMU: slirp: OOB buffer access while emulating tcp protocols in tcp_emu() * CVE-2020-7211: QEMU: Slirp: potential directory traversal using relative paths via tftp server on Windows host